Slashdot Mirror


Hackers Steal Credit Card Data From Visitors of US Senate GOP Committee Website (krebsonsecurity.com)

pdclarry writes: While all of the recent news has been about hacking the Democratic National Committee, apparently the Republicans have also been hacked over many months (since March 2016). This was not about politics, however; it was to steal credit card numbers. Brian Krebs reports: "a report this past week out of The Netherlands suggests Russian hackers have for the past six months been siphoning credit card data from visitors to the web storefront of the National Republican Senatorial Committee (NRSC). [...] If you purchased a 'Never Hillary' poster or donated funds to the NRSC through its website between March 2016 and the first week of this month [October 2016], there's an excellent chance that your payment card data was siphoned by malware and is now for sale in the cybercrime underground." Krebs says his information comes from Dutch researcher Willem De Groot, co-founder and head of security at Dutch e-commerce site byte.nl. The Republicans were not alone; theirs was just one of 5,900 e-commerce sites hacked by the same Russian actors. You can view De Groot's analysis of the malware planted on the NRSC's site and other services here. Krebs adds: "The NRSC did not respond to multiple requests for comment, but a cached copy of the site's source code from October 5, 2016 indicates the malicious code was on the site at the time (load this link, click 'view source' and then Ctrl-F for 'jquery-cloud.net')."

  1. Inside Job by Anonymous Coward · Score: 0, Informative

    Take a close look at the people who run the GOP website. For decades they've been collecting email addresses and spamming the hell out of anyone that registers on the site. People behind the scenes running DNC and GOP have very low morals; they use email addresses like a commodity. I started receiving 3rd-party spam only days after registering. They sold my email address to a handful of different companies without my consent. Any website that would do that normally would find themselves out of business pretty quickly... because it's wrong and in some countries illegal (because it's wrong). If I had to do it over again I would have never registered with the GOP or any political website and I urge my friends not to do it. You might as well throw away your email address because you'll be bombarded by spam for years to come. With that in mind, I say take a look at the web developer as being a prime suspect. I equate their morality with that of a porn site: none at all.

  2. Re:Is NRSC Federal Government or Private? Private. by smooth+wombat · Score: 3, Informative

    Obviously you're not from the U.S. or you would have known instantly the NRSC has nothing to do with our government aside from being a way for Republicans to get money for Senatorial candidates. The Democrats do the same thing; they just call their version something different.

    No one, particularly at this level of fundraising, would be stupid enough to use a .gov domain name. That invites all kinds of scrutiny, and possible legal action, which no one wants to be part of.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower